Rolling Out Remote Access

This topic includes information about rolling out Enterprise Access Management for MFA (formerly Imprivata Confirm ID) remote access with Citrix NetScaler Gateway to your users.

BEST PRACTICE:

To plan your rollout and learn how Remote Access works, start here.

Rolling Out Remote Access

Now that the gateway software and the Imprivata appliance are configured to communicate with each other, you can roll out Enterprise Access Management for MFA to your users.

Your browser may be blocking Enterprise Access Management's login user interface because the browser's Content Security Policy prohibits content that the user did not request from the Imprivata cloud.

  1. Run the following Powershell command to inject a script that adds an exception to the Content Security Policy:

    Set-AdfsResponseHeaders -SetHeaderName "Content-Security-Policy" -SetHeaderValue "default-src 'self' 'unsafe-inline' 'unsafe-eval' impr1.co; img-src 'self' data:;"

  2. Restart all your AD FS servers for this exception to take effect.

Step 4: Notify Users

Before you "go live" with Enterprise Access Management Remote Access, introduce this new system to your users. Let them know what to expect; request users enroll Imprivata ID and/or their phone number by a certain date, after which two-factor authentication will be enforced.

The Imprivata ID User Rollout Kit includes an email template "Introducing Enterprise Access Management Remote Access" that you can use to announce Remote Access support to your users; the HTML file includes a link for downloading the Imprivata ID app and instructions on how to enroll their Imprivata IDs. Paste the template into an email and customize for your enterprise.

Step 7: Future Rollouts

You can repeat steps 5 and 6 with more users in your enterprise, and new hires in departments already using Remote Access.